我想爲一些使用Crypto ++庫的加密操作做一個Objective-C包裝類。我有幾個問題,如何從NSData對象獲取密鑰到Crypto ++的密鑰/ iv數組中?
這是我使用
- (void)testSerpentEncryptonMechanism
{
byte key[ CryptoPP::Serpent::MAX_KEYLENGTH ], iv[ CryptoPP::Serpent::BLOCKSIZE ];
::memset(key, 0x50 , CryptoPP::Serpent::MAX_KEYLENGTH);
::memset(iv, 0x10, CryptoPP::Serpent::BLOCKSIZE);
NSString *andThisShalBeEncrypted = @"Serpentine and black...";
NSLog(@"will encrypt %@",andThisShalBeEncrypted);
NSString *encrypted = [self encryptWithSerpentString:andThisShalBeEncrypted withKey:key];
NSLog(@"encrypted:%@",encrypted);
NSString *decrypted = [self decryptWithSerpentString:encrypted withKey:key andIV:iv];
NSLog(@"decrypted: %@",decrypted);
}
- (NSString *)encryptWithSerpentString:(NSString *)plaintext withKey:(byte[])keyArray
{
std::string ptext = [plaintext UTF8String];
std::string ciphertext;
byte key[ CryptoPP::Serpent::MAX_KEYLENGTH ], iv[ CryptoPP::Serpent::BLOCKSIZE ];
::memset(key, 0x50 , CryptoPP::Serpent::MAX_KEYLENGTH);
::memset(iv, 0x10, CryptoPP::Serpent::BLOCKSIZE);
CryptoPP::Serpent::Encryption serpentEncryptor (key, CryptoPP::Serpent::MAX_KEYLENGTH);
CryptoPP::CBC_Mode_ExternalCipher::Encryption cbcSerpentEncryptor (serpentEncryptor, iv);
CryptoPP::StreamTransformationFilter stfSerpentEncryptor(cbcSerpentEncryptor, new CryptoPP::StringSink (ciphertext));
stfSerpentEncryptor.Put(reinterpret_cast<const unsigned char*>(ptext.c_str()), ptext.length() + 1);
stfSerpentEncryptor.MessageEnd();
std::string finalCT;
CryptoPP::StringSource base64Encoder (ciphertext, true, new CryptoPP::Base64Encoder(new CryptoPP::StringSink(finalCT)));
return @(finalCT.c_str());
}
- (NSString *)decryptWithSerpentString:(NSString *)ciphertext withKey:(byte[])keyArray andIV:(byte[])initializationVector
{
std::string ctext;
std::string plaintext;
byte key[ CryptoPP::Serpent::MAX_KEYLENGTH ], iv[ CryptoPP::Serpent::BLOCKSIZE ];
// ::memset(key, &keyArray , CryptoPP::Serpent::MAX_KEYLENGTH);
// ::memset(iv, (byte[])initializationVector, CryptoPP::Serpent::BLOCKSIZE);
::memset(key, 0x50 , CryptoPP::Serpent::MAX_KEYLENGTH);
::memset(iv, 0x10, CryptoPP::Serpent::BLOCKSIZE);
// decode from base64
std::string encoded = [ciphertext UTF8String];
CryptoPP::StringSource base64Encoder (encoded, true, new CryptoPP::Base64Decoder(new CryptoPP::StringSink(ctext)));
CryptoPP::Serpent::Decryption serpentDecryptor (key, CryptoPP::Serpent::MAX_KEYLENGTH);
CryptoPP::CBC_Mode_ExternalCipher::Decryption cbcSerpentDecryptor (serpentDecryptor, iv);
CryptoPP::StreamTransformationFilter stfSerpentDecryptor(cbcSerpentDecryptor, new CryptoPP::StringSink (ctext));// crash
stfSerpentDecryptor.Put(reinterpret_cast<const unsigned char*>(ctext.c_str()), ctext.length() + 1);
stfSerpentDecryptor.MessageEnd();
return @(ctext.c_str());
}
1中的代碼)我如何通過鑰匙/ IV作爲方法參數?同類型CryptoPP的:: InvalidCiphertext未捕獲的異常終止:StreamTransformationFilter試圖decrpyt
的libC++ abi.dylib時見註釋代碼,還是不行......
2)我得到一個崩潰:密文長度不是塊大小的倍數
爲什麼?我認爲解密是自動的,並且加密將相應地填充明文... 我還想爲方法添加一個HMAC ...這將在加密之後添加並在解密之前進行檢查,對嗎?
想知道爲什麼你選擇了「蛇」。 – zaph
非常高的安全邊際... – user1028028
有趣。剛剛與我的Crypto領域專家進行了覈對:AES是一個更好的選擇,也是非傳統使用的轉向選擇。 3DES需要DES兼容性時。我認爲你的專家有一個很好的選擇蛇的理由。 – zaph